package MDBCWSandbox;

# We need to pretend to be a browser as we send data to CWSandbox
use LWP::UserAgent;
use HTTP::Request::Common;
use HTML::LinkExtor;
use Data::Dumper;

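sub CWSubmitSample {

=head1 $cwsandbox_detailspage = CWSubmitSample( $file )

Uploads $file to CWSandbox and returns the $cwsandbox_detailspage URL for that submission

I<Arguments>

=over

=item $file

path of the file to analyze; its contents are uploaded to the CWSandbox service

=back

I<Returns>

=over

=item $cwsandbox_detailspage

URL to CWSandbox detail page for the sample submitted, or undef when the
request was not successful, the response did not confirm the submission, or
no usable details link was found in the response

=back

I<Exceptions>

dies when called without a $file argument. HTTP failures are not raised here;
they are reported by returning undef. Building the upload request may also die
if $file cannot be read (presumably raised by HTTP::Request::Common - confirm).

I<Security notes>

The sample and the hard-coded e-mail address are sent over plain http://, so
anyone on the network path can read or alter both the request and the
response. Links taken from the response are therefore treated as untrusted
input and are only accepted when they cannot change the host of the returned
URL.

=cut

    print "MDBCWSandbox::CWSubmitSample()\n";

    # Same message style as GetCWXMLReportURL, instead of a bare die that
    # gives the caller no hint about what went wrong.
    my $file = shift
      or die("MDBCWSandbox::CWSubmitSample called without argument");
    my $email = "michael\@malwaredatabase.net";

    my $browser = LWP::UserAgent->new();
    $browser->agent( 'Mozilla/5.0 (compatible; MSIE 5.5; Windows 98; Win 9x; Windows 2000)');

    # Multipart form upload: the [$file] array ref makes HTTP::Request::Common
    # read the file from disk and attach it as the 'upfile' field.
    my $file_upload_request = POST 'http://www.cwsandbox.org/?page=submit',
      [
        'upfile' => [$file],
        'email'  => $email
      ],
      'Content_Type' => 'form-data';

    my $response = $browser->request($file_upload_request);
    return (undef) unless $response->is_success;

    # decoded_content can be undef when the body cannot be decoded; treat that
    # like a page without a confirmation message.
    my $content = $response->decoded_content;
    return (undef) unless defined $content;

    # Both messages mean the service knows the sample and links to its details.
    my $accepted =
      ( $content =~ m/You\ have\ already\ submitted\ this\ sample./ )
      || ( $content =~
m/The\ sample\ you\ have\ submitted\ is\ now\ scheduled\ for\ analysis./
      );
    return (undef) unless $accepted;

    print "Sample successfully submitted. Fetching report.\n";

    my $parser = HTML::LinkExtor->new();
    $parser->parse($content);
    $parser->eof;    # signal end of document so buffered input is processed

    foreach my $link ( $parser->links ) {

        # Each entry is [ tag, attribute name, attribute value, ... ]; only
        # the first attribute value is inspected, as before.
        my $href = $link->[2];
        next unless defined $href && $href =~ m/page=details/;

        # The value is appended directly to the host name below. Anything not
        # starting with '/' or '?' (for example '@other.host/...' or a bare
        # file name) would extend or replace the host part of the resulting
        # URL, so such links are skipped rather than returned to the caller.
        next unless $href =~ m{\A[/?]};

        my $details_page = "http://www.cwsandbox.org" . $href;
        print "Found the details page: $details_page\n";

        return ($details_page);
    }

    return (undef);
}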

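sub GetCWXMLReportURL {

=head1 $cwsandbox_reporturl = GetCWXMLReportURL( $cwsandbox_detailspage )

Fetches $cwsandbox_detailspage and derives the $cwsandbox_reporturl URL of the
XML report from the PCAP download link found on that page

I<Arguments>

=over

=item $cwsandbox_detailspage

URL to CWSandbox detail page for a submitted sample

=back

I<Returns>

=over

=item $cwsandbox_reporturl

URL to CWSandbox report for the sample submitted, or undef when the details
page contains no PCAP download link

=back

I<Exceptions>

dies when called without an argument, and dies with the HTTP status line when
the request for the details page is not successful

I<Security notes>

$cwsandbox_detailspage is requested exactly as given; no scheme or host check
is done here, so callers should only pass URLs from a source they trust. The
returned URL carries the analysis password in its query string: treat it as a
secret, keep it out of logs, and note that over plain http:// it is visible to
anyone on the network path.

=cut

    print "MDBCWSandbox::GetCWXMLReportURL()\n";

    my $details_page = shift
      or die("MDBCWSandbox::GetCWXMLReportURL called without argument");

    my $browser = LWP::UserAgent->new();
    $browser->agent( 'Mozilla/5.0 (compatible; MSIE 5.5; Windows 98; Win 9x; Windows 2000)');

    my $response = $browser->request( GET $details_page );
    die $response->status_line unless $response->is_success;

    # decoded_content can be undef when the body cannot be decoded; there is
    # nothing to search in that case.
    my $content = $response->decoded_content;
    return (undef) unless defined $content;

    my $parser = HTML::LinkExtor->new();
    $parser->parse($content);
    $parser->eof;    # signal end of document so buffered input is processed

    # Lexical loop variable: the original used the package global $link,
    # which leaked into (and could clobber) other code in this package.
    foreach my $link ( $parser->links ) {
        my $href = $link->[2];
        next unless defined $href;

        # The report id and password are read from the PCAP download link.
        # The character classes keep both captures to plain digits and
        # alphanumerics, so interpolating them below cannot add extra query
        # parameters or change the host.
        next
          unless $href =~
          m/page=download&dltype=pcap&id=([0-9]+)&password=([A-Za-z0-9]+)/;
        my ( $analysisid, $password ) = ( $1, $2 );

        # Declared with my; the original assigned a package global here.
        my $cwsandbox_report_url =
            "http://www.cwsandbox.org/"
          . "?page=analysis"
          . "&format=xml"
          . "&analysisid=$analysisid"
          . "&password=$password";

        return ($cwsandbox_report_url);
    }

    return (undef);
}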

# A module file must end with a true value so that use/require succeeds.
1;
